The Information Systems Security Association (ISSA) plans to establish a standard procedure for determining the monetary value of computer information. The ISSA group in charge of developing the standard is the Corresponding Committee on Information Valuation. The standard will provide users with a procedure for estimating how much money a company would lose if certain information were not available. Factored in with these estimates would be the cost of replacing lost information and the possible damage to a firm if information was acquired by competitors. The ISSA plans to publish the standard in Mar 1990.
Argues that the security of automated information systems must be made a management priority and effectively supported. The steps needed to achieve this objective are outlined in the areas of information resources management planning, budgeting and costing, directing, organizing, training, and controlling. A list of suggested readings is provided. (six references) (CLB)
Mobile ad hoc networks (MANETs) are collections of wireless mobile devices with restricted broadcast range and resources, and no fixed infrastructure. Communication is achieved by relaying data along appropriate routes that are dynamically discovered and maintained through collaboration between the nodes. Discovery of such routes is a major task, both from efficiency and security points of view. Recently, a security model tailored to the specific requirements of MANETs was introduced by Acs, Buttyan, and Vajda. Among the novel characteristics of this security model is that it promises security guarantees under concurrent executions, a feature of crucial practical implication for this type of distributed computation. A novel route discovery algorithm called endairA was also proposed, together with a claimed security proof within the same model. In this paper, we show that the security proof for the route discovery algorithm endairA is flawed, and moreover, this algorithm is vulnerable to a hidden channel attack. We also analyze the security framework that was used for route discovery and argue that composability is an essential feature for ubiquitous applications. We conclude by discussing some of the major security challenges for route discovery in MANETs.
Information Systems Security Assn (ISSA) members officially contested US government data encryption policy proposals at ISSA's annual conference in Mar 1994. The new security and data access measures involve the Clipper encryption chip and Skipjack algorithm developed by the National Security Agency. Users such as banks would have to deposit encryption keys for their scrambled data into escrow with federal agencies to be held in the event of investigations or court-ordered wiretaps. ISSA members criticized the security method, saying it would discourage overseas banks and other companies from doing business with the US, because of the uncertain security of Clipper-scrambled data. Foreign governments and corporations would also be reluctant to provide data for a system that has such easy US government access. The Clinton Administration insists that the Clipper system is voluntary, but rumors abound that other encryption methods will become illegal.
Building a Better Boot Camp. Ford, Richard; Frincke, Deborah A. IEEE Security & Privacy, 01/2010, Volume 8, Issue 1. Magazine Article.
The field of security is vast, and the temptation is to keep adding to the collection of topics we consider to be basic. However, such an approach is inefficient. This installment focuses on Basic Training's underlying mission. In particular, it explores the question of what precisely is basic training in information assurance today and proposes a higher level rather than detail focused approach. The column ends with a request for feedback.
Sally Meglathery, a data security executive and president of the Information Systems Security Association Inc, believes that it is possible for organizations to protect the security of their information systems. Most security problems are a result of employees' unintentional lack of adherence to security procedures. Network managers should become committed to maintaining security, and they should train employees about the importance of following security measures. Organizations can easily justify the cost of a security system by examining the risks resulting from the lack of security.
Computer Science and Cryptology: a Border Shift. Turing's work shows the close links between cryptology and the mechanization of computation. Their parallel evolution is still shifting many borders: between secrecy and transparency, between public and private spheres, between social control and individual freedom, between art and science. This article explores this movement in light of the areas in which it has manifested. Since World War II, cryptology has evolved from an almost exclusively military use to its current ubiquity. This change in use has been accompanied by a transformation in nature, particularly in terms of its relation to science. Handicraft techniques have given way to a new branch of mathematics whose scientific character is as much claimed as controversial, since security is a matter for speculation. The questions opened by the theory of complexity find a pictorial illustration in the virtual worlds of Russell Impagliazzo. The societal impact of cryptology is also approached from the point of view of the nature of the exchanges: institutional control or maintenance within private circles. The history of the opposition between state control and freedom of use is presented from the standpoint of the law. Finally, the new applications and threats of cryptology, pushing back the boundaries of what is possible, from cloud computing to virtual currencies, are discussed.
Guillot Philippe, Durand-Richard Marie-José. Informatique et cryptologie : un déplacement des frontières. In: Intellectica. Revue de l'Association pour la Recherche Cognitive, n°72, 2020/1. Retour à Turing : son héritage aujourd’hui. pp. 141-157.